Denial Of Service (Dos)

ceph is vulnerable to denial of service. There is no defined limit for ListBucket max-keys in the RGW codebase, allowing users to crash the application against OMAPs holding bucket indices...

ceph: ListBucket max-keys has no defined limit in the RGW codebase

A flaw was found in the way the ListBucket function max-keys has no defined limit in the RGW codebase. An authenticated ceph RGW user can cause a denial of service attack against OMAPs holding bucked indices...